Commit Graph

4777 Commits (acef9de711158957eb349c5688e7497fdf66eea0)

Author SHA1 Message Date
sinn3r 5165865560 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-28 14:07:19 -06:00
sinn3r 59ab0c3a18 Fix bug #6021, Thanks Borys 2011-11-28 14:06:56 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
sinn3r a578db7f56 Apply fix for #6019 2011-11-28 01:12:18 -06:00
sinn3r ebfe269698 Apply patch for #5824 2011-11-26 16:52:12 -06:00
sinn3r 5e08c93ac9 Apply patch #5580 2011-11-26 15:32:43 -06:00
sinn3r b7950a752e Add feature #4929 (MS09-053) 2011-11-26 13:30:35 -06:00
sinn3r 82a5da866a Fix bug: table being saved while empty 2011-11-25 00:54:17 -06:00
sinn3r ec3c37d963 Actually, don't really have a good reason for that exception handling anymore. I think. 2011-11-25 00:41:28 -06:00
sinn3r 3e7c821119 Fix undefined method 'cmd_exec' bug. Thx Boris. 2011-11-25 00:34:33 -06:00
sinn3r 7571466014 Add Thunderbird credential collector (Feature #6014) 2011-11-24 19:39:34 -06:00
David Maloney 900232fb60 HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-23 23:05:51 -06:00
David Maloney 53b3e96af4 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-23 23:05:51 -06:00
sinn3r 3954030963 Apply patch #6004 2011-11-23 23:05:51 -06:00
David Maloney d1c44160dd Fix to the axis2 Deployer exploit to add Default Target 2011-11-23 23:05:51 -06:00
David Maloney d3887d20e5 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-23 23:05:51 -06:00
David Maloney c61d02686a HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
David Maloney 9d7f7b1f0e Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 11:53:14 -08:00
David Maloney 9e40fac8b1 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
sinn3r 8b729b59f8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 13:08:08 -06:00
sinn3r 25f4b45bd1 Apply patch #6004 2011-11-22 13:07:46 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
David Maloney 4ef7c373e9 Fix to typo in the tables being pushed. 2011-11-22 00:06:58 -06:00
David Maloney f81567fb6f Fix to typo in the tables being pushed. 2011-11-21 15:49:57 -08:00
sinn3r e11ca43c37 Add feature #5680 2011-11-21 12:39:45 -06:00
sinn3r 76846aa578 Add MS10-038 (CVE-2010-0822) exploit 2011-11-21 11:36:47 -06:00
sinn3r 28a079f308 Add credit to the appropriate researcher 2011-11-20 02:32:45 -06:00
sinn3r 95d639ccf7 Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8. 2011-11-20 01:44:52 -06:00
sinn3r 980cd4c888 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-19 20:41:29 -06:00
sinn3r 9c2fab0921 Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c 2011-11-19 20:40:04 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
James Lee f35b6c5269 msftidy on post modules for spaces at EOL 2011-11-20 12:53:25 +11:00
sinn3r a4cadf0d53 remove the extra comment that's not used 2011-11-19 12:48:39 -06:00
sinn3r 30f13984ea Add wireshark console.lua exploit (CVE-2011-3360) 2011-11-18 21:24:48 -06:00
David Maloney ff22246119 Attempt to fix #5979 2011-11-18 12:53:35 -08:00
Tod Beardsley eca1253439 updating sudo 2011-11-18 10:17:43 -06:00
Tod Beardsley 356e0e6fb5 Moving sudo from linux to multi, because it is. 2011-11-18 10:16:57 -06:00
Tod Beardsley fa77909c67 whitespace fix 2011-11-18 08:51:07 -06:00
Tod Beardsley 55367fad4f Merge pull request #25 from rapid7/post_module_sudo
Post module sudo
2011-11-18 06:30:40 -08:00
David Maloney 11c1f0983f Fixes #5993 2011-11-17 18:05:36 -08:00
David Maloney 77cba9de7c Merge branch 'cbdfix'
Conflicts:
	modules/post/windows/gather/credentials/imvu.rb
	modules/post/windows/gather/forensics/duqu_check.rb
	modules/post/windows/recon/computer_browser_discovery.rb
2011-11-17 14:55:20 -08:00
Tod Beardsley d8b77564ef Tidying up, fixing csh echo behavior 2011-11-17 16:29:02 -06:00
David Maloney 3bfe7e9b98 fix to comptuer browser discovery to output properly and sotre as loot
added additional option to save detected hosts in the db.
2011-11-17 14:17:28 -08:00
Tod Beardsley 9878517f80 Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec() 2011-11-17 13:19:13 -06:00
Tod Beardsley 84fb5b441a Cleaning up some names and descs 2011-11-17 07:47:26 -06:00
David Maloney 4c90b68b4f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-16 19:10:53 -08:00
David Maloney eae171b216 Addresses issue #5984 2011-11-16 19:07:56 -08:00
Tod Beardsley 93a133d5de Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0 2011-11-16 16:48:19 -06:00
sinn3r fea42dbdee Add feature #5872 2011-11-16 12:26:54 -06:00
Tod Beardsley 725431dbdb Simpler method for setenv vs export. Tested on csh, ksh, zsh, sh, bash 2011-11-15 19:31:15 -06:00
Tod Beardsley d969006268 Adding zsh 2011-11-15 19:10:25 -06:00
Tod Beardsley 5cdab2ef41 Less repetitive error messages 2011-11-15 18:17:25 -06:00
Tod Beardsley 26659d8b17 Adding a sudo post module for easier automation 2011-11-15 17:38:45 -06:00
David Maloney d8347a1245 Fixes to post modules that store creds as loot.
All post modules that store creds as loot now store in
a CSV format with User and then Password always as the
first two columns.
2011-11-15 14:13:51 -08:00
David Maloney f6b0ffd630 Cleanup of the stack traces in the pidgin and filezilla client cred modules 2011-11-15 12:19:15 -08:00
David Maloney 8d47883af0 Moving the wlan directory up a level. It makes more sense in it's own area
instead of under gather.
2011-11-15 08:29:13 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
Tod Beardsley 96d2209ca2 Minor fixups for trace report_note patch 2011-11-14 10:40:11 -06:00
andurin 5d5c9464cc Do some report_note while TRACE detection 2011-11-14 12:10:53 +01:00
sinn3r 2536cf0308 Add feature #5779 2011-11-14 01:49:26 -06:00
andurin 5856112797 Quickfix: missing require in post/windows/escalate/getsystem.rb
Resolves:
[-] WARNING! The following modules could not be loaded!
[-]     contrib/metasploit-framework/modules/post/windows/escalate/getsystem.rb: NameError uninitialized constant Msf::Post::Windows
2011-11-13 14:25:31 +01:00
Andurin 71599f5ef9 Fix sqlmap aux to work with actual sqlmap.py
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
HD Moore 4f177acf88 Merge pull request #9 from swtornio/master
Add osvdb ref
2011-11-12 11:35:24 -08:00
sinn3r e4ebb890d8 Apply patch for bug #5963 2011-11-12 13:17:26 -06:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Steve Tornio a0c9297500 add osvdb ref 2011-11-12 06:01:41 -06:00
sinn3r 170c4f5451 Fix author email format 2011-11-12 01:53:25 -06:00
sinn3r b8b8732d85 Correct disclosure date 2011-11-12 01:12:28 -06:00
sinn3r ed5bae6441 oops, I don't need that extra comment 2011-11-12 01:04:00 -06:00
sinn3r 84c5268ab4 Add Aviosoft DTV exploit 2011-11-12 01:02:40 -06:00
HD Moore 2ec21858c6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 16:20:27 -06:00
HD Moore 65fc693c66 Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00
sinn3r 62fdbd549c no need to register VERBOSE, because it's already a standard option in all modules. Thanks egyp7 for the reminder. 2011-11-11 15:37:47 -06:00
sinn3r 2d940e2c91 Apply patch #5952 2011-11-11 14:58:17 -06:00
Tod Beardsley 2f6c9d6d08 Removing a hated semi-colon, noting that the rescue does nothing 2011-11-11 13:59:14 -06:00
sinn3r e1cea699a7 yo, format police is in town for some law and order around here 2011-11-11 11:39:13 -06:00
sinn3r 35f84f5e42 yo, ruby 1.8 fix 2011-11-11 11:38:28 -06:00
sinn3r fdef66f2bf yo, ruby 1.8 fix 2011-11-11 11:38:08 -06:00
sinn3r 6f050d624f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 11:24:55 -06:00
sinn3r e972234629 yo, owa bruteforce utility in the house (Feature #4725) 2011-11-11 11:23:35 -06:00
Tod Beardsley 184eee0e64 Merge branch 'duqu' 2011-11-11 10:22:12 -06:00
Tod Beardsley e03b6d27d2 Adding a colon to Request keyword mostly just to test local changes 2011-11-11 10:20:52 -06:00
Marcus J. Carey ef1a86e839 adding email address 2011-11-11 09:44:18 -06:00
David Maloney 6ae8bbb6ce Fixes #5832 2011-11-10 21:57:24 -08:00
Marcus J. Carey 5a75a67830 cleaning up tabs and rename variables for clarity 2011-11-10 23:26:19 -06:00
David Maloney c30d98093f Merge branch 'iss5426' 2011-11-10 20:39:48 -08:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
HD Moore 17150b7e0b Merge pull request #5 from aushack/master
Added BID ref for amlibweb module.
2011-11-10 18:22:00 -08:00
HD Moore 43fa2c3d1b Add a gitignore and delete the broken file_autopwn code. Fixes #4964 2011-11-10 20:11:53 -06:00
Patrick Webster f54b622ad3 Added BID ref for amlibweb module. 2011-11-11 12:04:40 +11:00
sinn3r 7191542503 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 18:09:55 -06:00
sinn3r 457b7cb6d1 sinn3r: *knock, knock* Whitespace: who's there? sinn3r:Me, I kill you 2011-11-10 18:08:28 -06:00
wchen-r7 0675def3d4 Whitespace, I kill you. 2011-11-10 18:00:50 -06:00
Marcus J. Carey e140361ffd change keys to array instead of comma delimited string 2011-11-10 16:11:11 -06:00
wchen-r7 3a328e1a1c Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 16:09:35 -06:00
wchen-r7 b761c6a9cc Add feature #5933 2011-11-10 16:09:03 -06:00
HD Moore d75e4aead3 Cosmetic changes 2011-11-10 15:45:02 -06:00
Marcus J. Carey 7348a71c24 adding duqu_check.rb 2011-11-10 15:20:48 -06:00
Steve Tornio 0c36915dae add osvdb ref 2011-11-10 13:24:26 -06:00
wchen-r7 453082678f Add CVE-2010-1871 (Feature #5922) 2011-11-10 10:21:17 -06:00
wchen-r7 a9ebfbd604 Add feature #5912 2011-11-10 03:13:57 -06:00
wchen-r7 3ff1449995 Do report_note() 2011-11-10 02:16:25 -06:00
wchen-r7 c569ec4a33 Don't really need a revision # in source 2011-11-09 22:10:52 -06:00
Wei Chen 32bb3af298 Add feature #5946 2011-11-09 21:49:34 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen 9ff5eabb4b Fix #4915
git-svn-id: file:///home/svn/framework3/trunk@14201 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 08:51:47 +00:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
Matt Weeks fdf13e5e0e Fixes #5927
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
David Maloney aa4f6c1cae More cred sourcing fixes
git-svn-id: file:///home/svn/framework3/trunk@14193 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 18:45:47 +00:00
David Maloney cdbe7bc587 Multiple fixes to cred reporting on this module
git-svn-id: file:///home/svn/framework3/trunk@14192 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 17:25:39 +00:00
Wei Chen 16fc275853 whitespace cleanup
git-svn-id: file:///home/svn/framework3/trunk@14191 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 16:09:31 +00:00
Carlos Perez 3ac11b7d44 Whitespace clean up
git-svn-id: file:///home/svn/framework3/trunk@14190 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:48:04 +00:00
Carlos Perez 4490bb4683 handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14189 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:14:00 +00:00
Wei Chen c4fa5b4674 Fix #5937. Vista is currently taken down because it's not stable enough.
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 09:35:18 +00:00
David Maloney 2d80d1e144 Fixes Cred Sourcing in report_auth_info() for post modules.
git-svn-id: file:///home/svn/framework3/trunk@14187 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:34:49 +00:00
Carlos Perez 28c2408fdd handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14186 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:22:54 +00:00
Patrick Webster 77a3edbb4f Added squiz_matrix_user_enum aux module.
git-svn-id: file:///home/svn/framework3/trunk@14185 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:14:39 +00:00
Wei Chen ad94bae78f Fix bug #5923
git-svn-id: file:///home/svn/framework3/trunk@14182 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:52:02 +00:00
Wei Chen 7ffcf62a2e Add #5364
git-svn-id: file:///home/svn/framework3/trunk@14181 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:34:42 +00:00
Wei Chen 12378b45d6 Fix #5502
git-svn-id: file:///home/svn/framework3/trunk@14180 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 07:44:02 +00:00
Wei Chen 0b981b0db0 Add OSVDB reference
git-svn-id: file:///home/svn/framework3/trunk@14179 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 02:01:42 +00:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen b1d38a44a4 Clenaup
git-svn-id: file:///home/svn/framework3/trunk@14174 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 21:23:21 +00:00
Wei Chen 49dddf1396 Yeah, don't really need the bottom comment anymore
git-svn-id: file:///home/svn/framework3/trunk@14172 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 20:16:34 +00:00
Wei Chen 43a22d3fa0 Add Office 2007 SP2 target, thanks Juan
git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 17:33:29 +00:00
Wei Chen 70a64bf4db Fix indent level and whitespace
git-svn-id: file:///home/svn/framework3/trunk@14170 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:18:30 +00:00
Wei Chen 1a2f60f4c0 Add MS11-021 (#5917)
git-svn-id: file:///home/svn/framework3/trunk@14169 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:05:42 +00:00
Matt Weeks e4d540e031 Seplling
git-svn-id: file:///home/svn/framework3/trunk@14166 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 15:43:28 +00:00
HD Moore f6cc9eade7 Replace my crufty old ASN.1 parser with OpenSSL::ASN1
git-svn-id: file:///home/svn/framework3/trunk@14165 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 05:12:28 +00:00
Wei Chen 1272736b72 indent level fix
git-svn-id: file:///home/svn/framework3/trunk@14162 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 21:04:54 +00:00
David Maloney a0aebe98bb Adds the community submitted ePO database password post module
Did some minor code cleanup and replaced the hostname resolution with mubix's railgun
code to make the victim do the resolution. This should be more reliable.
Fixes #5210


git-svn-id: file:///home/svn/framework3/trunk@14160 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 20:15:14 +00:00
David Maloney 69193f9fe4 Some quick fixes to enum_cred_store
Fixes #5218


git-svn-id: file:///home/svn/framework3/trunk@14159 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 19:28:53 +00:00
David Maloney 07a41924a6 Added mubix's enum_termserv post module.
Fixes #5914


git-svn-id: file:///home/svn/framework3/trunk@14158 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 18:47:22 +00:00
James Lee 155c3ff9ac whitespace
git-svn-id: file:///home/svn/framework3/trunk@14157 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 17:17:10 +00:00
Steve Tornio 7a07e069da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen 3d6f631780 Upgrade mini_stream as a remote module. Account for all variables that affect the offset to EIP. Also digital1 = Ron.
git-svn-id: file:///home/svn/framework3/trunk@14155 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:20:43 +00:00
Wei Chen 057725450c svn propset. fix author email format
git-svn-id: file:///home/svn/framework3/trunk@14154 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:16:36 +00:00
Carlos Perez f23389390b better handling of hosts with no USB History
git-svn-id: file:///home/svn/framework3/trunk@14153 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:59:39 +00:00
Carlos Perez 86a7807b97 Added a couple more checks for the names of the post modules provided
git-svn-id: file:///home/svn/framework3/trunk@14152 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:40:29 +00:00
Carlos Perez 1c5d44c40a Fix variable declaration
git-svn-id: file:///home/svn/framework3/trunk@14151 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:28:08 +00:00
David Maloney 585a7cc4a2 Adding the HTTP Trace scanner from CG
Fixes #3390


git-svn-id: file:///home/svn/framework3/trunk@14150 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 20:09:11 +00:00
HD Moore c7f0568769 Fix next vs return issue
git-svn-id: file:///home/svn/framework3/trunk@14149 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 18:34:30 +00:00
David Maloney 7091fc1eea Adding mubix's post modules
Fixes #5916
Fixes #5913
Fixes #5915


git-svn-id: file:///home/svn/framework3/trunk@14148 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 03:00:51 +00:00
Mario Ceballos f25dc59371 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14146 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:56:38 +00:00
Mario Ceballos 2b00ace437 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14145 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:47:27 +00:00
Wei Chen 3722a5c3c1 Add LifeSize room command injection (feature #5333)
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
David Maloney 131ffe4ab2 Fixed inconsistencies in how data was being passed to report_auth_info(). The command dispatcher and filezilla
server cred module both used the accessor :ptype but report_auth_info looks for :type. 

While ptype is what the db field is called, almsot everything else references :type so it is better
for consistency to keep everything at :type.

Fixes #5906



git-svn-id: file:///home/svn/framework3/trunk@14141 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 02:47:28 +00:00
David Maloney 4ab4a2cec7 fixes issues with with imvu, forgot the require statement.
git-svn-id: file:///home/svn/framework3/trunk@14140 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 21:50:06 +00:00
Wei Chen ae9e8b7821 Syntax fix for ruby 1.8
git-svn-id: file:///home/svn/framework3/trunk@14139 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 21:48:24 +00:00